Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-24272

Опубликовано: 21 апр. 2022
Источник: redhat
CVSS3: 6.5

Описание

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.

A flaw was found in the MongoDB database when requesting unexpected queries due to incorrect validation on the $external database. This flaw allows an attacker to cause a denial of service on the database or a server crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Openshift Container Storage 4ocs4/mcg-core-rhel8Out of support scope
Red Hat Openshift Data Foundation 4noobaa-core-containerNot affected
Red Hat Openshift Data Foundation 4odf4/mcg-core-rhel9Not affected
Red Hat Satellite 6mongodbNot affected
Red Hat Update Infrastructure 3 for Cloud ProvidersmongodbWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=2077736mongodb: authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-24272

CVSS3: 6.5
ubuntu
почти 4 года назад

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.

nvd логотип

CVE-2022-24272

CVSS3: 6.5
nvd
почти 4 года назад

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.

debian логотип

CVE-2022-24272

CVSS3: 6.5
debian
почти 4 года назад

An authenticated user may trigger an invariant assertion during comman ...

github логотип

GHSA-pg6q-x7mh-7cg2

CVSS3: 6.5
github
почти 4 года назад

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.

6.5 Medium

CVSS3